One-tap payment using a contactless card
Abstract
One-tap payment using a contactless card. An application may output an indication specifying to tap a contactless card to complete a transaction initiated in the application. The application may receive encrypted data generated by the contactless card based on a private key stored in the contactless card. The application may transmit a merchant identifier, a transaction identifier, and the encrypted data to an authentication server. The authentication server may verify the encrypted data based on the private key for the contactless card stored by the authentication server. A virtual account number server may generate a virtual account number. A merchant server may receive the merchant identifier, the transaction identifier, the virtual account number, an expiration date, and a card verification value (CVV), and process the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A system, comprising:
a plurality of processor circuits; and
a memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
output, by an application executing on a first processor circuit of the plurality of processor circuits, an indication specifying to tap a contactless card to complete a transaction initiated in the application, the transaction associated with a transaction identifier;
receive, by the application from a communications interface of the contactless card, encrypted data generated by the contactless card based at least in part on a private key for the contactless card stored in a memory of the contactless card;
transmit, by the application: (i) a merchant identifier of a merchant associated with the application, (ii) the transaction identifier, (iii) the encrypted data, and (iv) a location of a device comprising the first processor circuit to an authentication application executing on a second processor circuit of the plurality of processor circuits;
verify, by the authentication application, the encrypted data by decrypting the encrypted data based at least in part on the private key for the contactless card;
determine, by the authentication application, that the contactless card has previously been used to make a purchase with the merchant;
determine, by the authentication application, that the location of the device is within a threshold distance of a known location, the known location to comprise at least one of a home location or a work location associated with the contactless card;
generate, by a virtual account number generator executing on a third processor circuit of the plurality of processor circuits based on the verification of the encrypted data, the determination that the contactless card has previously been used to make a purchase with the merchant, and the determination that the device is within the threshold distance of the known location by the authentication application, a virtual account number;
transmit, by the virtual account number generator, the merchant identifier, the transaction identifier, the virtual account number, an expiration date associated with the virtual account number, and a card verification value (CVV) associated with the virtual account number to a merchant server executing on a fourth processor circuit of the plurality of processor circuits, the merchant server associated with the merchant; and
process, by the merchant server, the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV.
2. The system of claim 1 , wherein the expiration date and the CVV comprise one or more of: (i) an expiration date and a CVV generated by the virtual account number generator, and (ii) an expiration date and a CVV of the contactless card received by the virtual account number generator from an account database, the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
receive, by the virtual account number generator from the account database, an account holder name of an account associated with the contactless card and an address associated with the account; and
transmit, by the virtual account number generator, the account holder name and address to the merchant server, the merchant server further to process the transaction using the account holder name and address.
3. The system of claim 2 , the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
generate, by the merchant server, a transaction record in a transaction database comprising the transaction identifier, the virtual account number, the expiration date, the CVV, the account holder name, the address, and at least one of an indication of a purchased product and an indication of a purchased service;
transmit, by the merchant server to the application, an indication that the transaction was processed; and
output, by the application, the indication that the transaction was processed on a display.
4. The system of claim 3 , the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
determine, by the merchant server, an address conflict based on the address being different than a known address specified in a user profile;
transmit, by the merchant server, the address and the known address to the application;
output, by the application on a display of the device, an indication of the address and the known address;
receive, by the application, selection of one of the address and the known address; and
transmit, by the application, the selected one of the address and the known address to the merchant server to resolve the address conflict, the merchant server to process the transaction using the selected one of the address and the known address.
5. The system of claim 1 , the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
receive, by the application, authentication information for a user account associated with the contactless card, the authentication information comprising one or more of: (i) a username and a password, (ii) one or more biometric credentials; and
transmit, by the application, the received authentication information to the authentication application, the authentication application to verify the authentication information.
6. The system of claim 1 , wherein the communications interface of the contactless card is configured to support at least one of near field communication (NFC), Bluetooth, and Wi-Fi, the merchant server to process the transaction without receiving the virtual account number, the expiration date, the CVV, an account holder name, and an address from the application and without requiring a user of the application to provide authentication information to the application to authenticate with an account associated with the merchant, the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
determine, by the authentication application, a device identifier received from the application is associated with a user account associated with the contactless card.
7. A method, comprising:
outputting, by an application executing on a processor circuit, an indication specifying to tap a contactless card to complete a transaction initiated in the application, the transaction associated with a transaction identifier;
receiving, by the application from a communications interface of the contactless card, encrypted data generated by the contactless card based at least in part on a private key for the contactless card stored in a memory of the contactless card;
transmitting, by the application: (i) a merchant identifier of a merchant associated with the application, (ii) the transaction identifier, (iii) the encrypted data, and (iv) a location of a device comprising the processor circuit to an authentication server;
verifying, by the authentication server, the encrypted data by decrypting the encrypted data based at least in part on the private key for the contactless card stored in a memory of the authentication server;
determining, by the authentication server, that the contactless card has previously been used to make a purchase with the merchant;
determining, by the authentication server, that the location of the device is within a threshold distance of a known location associated with the contactless card, the known location to comprise at least one of a home location or a work location associated with the contactless card;
generating, by a virtual account number server based on the verification of the encrypted data, the determination that the contactless card has previously been used to make a purchase with the merchant, and the determination that the device is within the threshold distance of the known location by the authentication server, a virtual account number;
transmitting, by the virtual account number server, the merchant identifier, the transaction identifier, the virtual account number, an expiration date associated with the virtual account number, and a card verification value (CVV) associated with the virtual account number to a merchant server associated with the merchant; and
processing, by the merchant server, the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV.
8. The method of claim 7 , wherein the expiration date and the CVV comprise one or more of: (i) an expiration date and a CVV generated by the virtual account number server, and (ii) an expiration date and a CVV of the contactless card received by the virtual account number server from an account database, the method further comprising:
receiving, by the virtual account number server from the account database, an account holder name of an account associated with the contactless card and an address associated with the account; and
transmitting, by the virtual account number server, the account holder name and address to the merchant server, the merchant server further to process the transaction using the account holder name and address.
9. The method of claim 8 , further comprising:
generating, by the merchant server, a transaction record in a transaction database comprising the transaction identifier, the virtual account number, the expiration date, the CVV, the account holder name, the address, and at least one of an indication of a purchased product and an indication of a purchased service;
transmitting, by the merchant server to the application, an indication that the transaction was processed; and
outputting, by the application, the indication that the transaction was processed on a display.
10. The method of claim 9 , further comprising:
determining, by the merchant server, an address conflict based on the address being different than a known address specified in a user profile;
transmitting, by the merchant server, the address and the known address to the application;
outputting, by the application on a display, an indication of the address and the known address;
receiving, by the application, selection of one of the address and the known address; and
transmitting, by the application, the selected one of the address and the known address to the merchant server, the merchant server to process the transaction using the selected one of the address and the known address.
11. The method of claim 10 , further comprising:
receiving, by the application, authentication information for a user account associated with the contactless card, the authentication information comprising one or more of: (i) a username and a password, (ii) one or more biometric credentials; and
transmitting, by the application, the received authentication information to the authentication server, the authentication server to verify the authentication information.
12. The method of claim 11 , wherein the communications interface of the contactless card is configured to support at least one of near field communication (NFC), Bluetooth, and Wi-Fi, the merchant server to process the transaction without receiving the virtual account number and without requiring a user of the application to provide authentication information to the application to authenticate with an account associated with the merchant, the expiration date, the CVV, an account holder name, and an address from the application, the method further comprising:
determining, by the authentication server, a device identifier received from the application is associated with a user account associated with the contactless card.
13. A non-transitory computer-readable storage medium having computer-readable program code embodied therewith, the computer-readable program code executable by one or more processor circuits of a plurality of processor circuits to:
output, by an application executing on a first processor circuit of the plurality of processor circuits, an indication specifying to tap a contactless card to complete a transaction initiated in the application, the transaction associated with a transaction identifier;
receive, by the application from a communications interface of the contactless card, encrypted data generated by the contactless card based at least in part on a private key for the contactless card stored in a memory of the contactless card;
transmit, by the application: (i) a merchant identifier of a merchant associated with the application, (ii) the transaction identifier, (iii) the encrypted data, and (iv) a location of a device comprising the first processor circuit to an authentication application executing on a second processor circuit of the plurality of processor circuits;
verify, by the authentication application, the encrypted data by decrypting the encrypted data based at least in part on the private key for the contactless card;
determine, by the authentication application, that the contactless card has previously been used to make a purchase with the merchant;
determine, by the authentication application, that the location of the device is within a threshold distance of a known location, the known location to comprise at least one of a home location or a work location associated with the contactless card;
generate, by a virtual account number generator executing on a third processor circuit of the plurality of processor circuits based on the verification of the encrypted data, the determination that the contactless card has previously been used to make a purchase with the merchant, and the determination that the device is within the threshold distance of the known location by the authentication application, a virtual account number;
transmit, by the virtual account number generator, the merchant identifier, the transaction identifier, the virtual account number, an expiration date associated with the virtual account number, and a card verification value (CVV) associated with the virtual account number to a merchant server executing on a fourth processor circuit of the plurality of processor circuits, the merchant server associated with the merchant; and
process, by the merchant server, the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV.
14. The non-transitory computer-readable storage medium of claim 13 , wherein the expiration date and the CVV comprise one or more of: (i) an expiration date and a CVV generated by the virtual account number generator, and (ii) an expiration date and a CVV of the contactless card received by the virtual account number generator from an account database, further comprising computer-readable program code executable by one or more of the processor circuits to:
receive, by the virtual account number generator from the account database, an account holder name of an account associated with the contactless card and an address associated with the account; and
transmit, by the virtual account number generator, the account holder name and address to the merchant server, the merchant server further to process the transaction using the account holder name and address.
15. The non-transitory computer-readable storage medium of claim 14 , further comprising computer-readable program code executable by one or more of the processor circuits to:
generate, by the merchant server, a transaction record in a transaction database comprising the transaction identifier, the virtual account number, the expiration date, the CVV, the account holder name, the address, and at least one of an indication of a purchased product and an indication of a purchased service;
transmit, by the merchant server to the application, an indication that the transaction was processed; and
output, by the application, the indication that the transaction was processed on a display.
16. The non-transitory computer-readable storage medium of claim 15 , further comprising computer-readable program code executable by one or more of the processor circuits to:
determine, by the merchant server, an address conflict based on the address is being different than a known address specified in a user profile;
transmit, by the merchant server, the address and the known address to the application;
output, by the application on a display of the device, an indication of the address and the known address;
receive, by the application, selection of one of the address and the known address; and
transmit, by the application, the selected one of the address and the known address to the merchant server to resolve the address conflict, the merchant server to process the transaction using the selected one of the address and the known address.
17. The non-transitory computer-readable storage medium of claim 16 , further comprising computer-readable program code executable by one or more of the processor circuits to:
receive, by the application, authentication information for a user account associated with the merchant, the authentication information comprising one or more of: (i) a username and a password, (ii) one or more biometric credentials.
18. The non-transitory computer-readable storage medium of claim 17 , wherein the communications interface of the contactless card is configured to support at least one of near field communication (NFC), Bluetooth, and Wi-Fi, further comprising computer-readable program code executable by one or more of the processor circuits to:
transmit, by the application, the received authentication information to the authentication application, the authentication application to verify the authentication information.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.